Sona (getsona.com)

www.getsona.com

1 Job

138 Employees

About the Company

Sona is the next-generation workforce management solution for large frontline operators, where consumer grade design is matched by AI-driven decision making.

Combining end-to-end WFM functionality - including Scheduling, Time & Attendance, HR and Payroll - with truly intelligent AI capabilities, Sona enables real-time actionable insights geared towards driving revenue and increasing employee satisfaction.

Listed Jobs

Company Name
Sona (getsona.com)
Job Title
Compliance Manager
Job Description
Job Title: Compliance Manager

Role Summary: Lead the development and implementation of the company’s information security and compliance program, driving ISO 27001 readiness and subsequent SOC 2 certification. Work cross‑functionally with Product, Engineering, Legal, and Leadership to translate regulatory and risk requirements into operational systems, tools, and processes that support scalable growth.

Expectations:
- Deliver end‑to‑end compliance for ISO 27001 (immediate) and SOC 2 (medium term).
- Own risk management, policy creation, and control implementation across the organization.
- Serve as primary contact for external audits, customer security reviews, RFPs, and regulatory inquiries.
- Guide teams on data security, risk mitigation, and secure AI adoption.
- Support AML compliance initiatives and broaden expertise as needed.
- Maintain a pragmatic, risk‑based approach while fostering a culture of security awareness.

Key Responsibilities:
- Own and lead information security strategy, policies, and controls.
- Lead external certification efforts (ISO 27001, GDPR, SOC 2, Cyber Essentials).
- Advise cross‑functional teams on risk, data security, and tool adoption.
- Translate compliance requirements into concrete systems, tools, and processes.
- Implement technical controls (access management, logging, monitoring, incident response, device management).
- Act as point of contact for RFPs, customer security reviews, questionnaires, and audits.
- Develop and enhance AML compliance framework over time.

Required Skills:
- 5+ years in information security, compliance, or closely related roles.
- Proven experience leading or contributing to external certifications (ISO 27001, GDPR, SOC 2, Cyber Essentials).
- Hands‑on experience with security controls implementation and vendor tool configuration.
- Strong understanding of SaaS/technology environments, ideally startup or scale‑up.
- Pragmatic, risk‑based mindset with clear, constructive communication.
- Ability to work cross‑functionally and translate technical controls into business processes.
- Experience in a SaaS or technology environment; startup/scale‑up preferred.

Required Education & Certifications:
- Bachelor’s degree in Computer Science, Information Security, Business, or related field.
- Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Implementer strongly preferred.
- Knowledge of AML compliance is a plus.
United Kingdom
Remote
Mid level
05-02-2026